Privacy Policy
Last updated: 2025-08-101. General Provisions
This Policy explains how mitla.shop (“Service”) processes users' personal data. The Service is an online platform for posting listings and facilitating interactions between users, and does not accept payments, does not store payment details, does not perform escrow, and is not a party to sales transactions.
2. Data Controller and Contacts
Data Controller: Administration of mitla.shop.
Contact for inquiries: [email protected].
A postal address or an authorized representative may be indicated if necessary.
3. Categories of Data
Account data: name/nickname, email, phone (if provided), account ID.
Operational data: history of listings/orders, support inquiries, technical event logs.
Technical data: IP address, user-agent, cookie identifiers, timestamps. The Service does not store payment card data and does not process payments.
4. Purposes and Legal Grounds for Processing
Providing the service functionality: account creation and maintenance, posting listings, processing user actions (performance of a contract).
Security and abuse prevention: monitoring, incident diagnostics, infrastructure protection (legitimate interest).
Communications: service notifications, support responses (performance of a contract/legitimate interest). Marketing messages — only with separate consent, which can be withdrawn.
5. Cookies and Analytics
Cookies are used for session authentication, saving preferences, and basic analytics. You can manage cookies in your browser settings. Disabling certain cookies may limit account features.
6. Data Sharing with Third Parties
Data may be processed by infrastructure providers (hosting, email, monitoring) or disclosed to competent authorities if required by law. We do not sell personal data and do not share it for marketing purposes without your consent.
7. International Transfers
If data processors are located outside Ukraine/EEA, appropriate transfer safeguards are applied (contractual clauses, technical and organizational measures).
8. Data Retention
Data is retained while the account is active or as long as needed for processing purposes. Technical logs are kept for a limited time. Data may be stored longer if required by law.
9. Security
We apply HTTPS, access control, auditing, and backups. No method can guarantee absolute security, but we continually improve protection.
10. Data Subject Rights
You have the right to access, rectify, erase, restrict processing, object to processing, data portability (if applicable), and withdraw consent. Send requests to [email protected]. We respond within 30 days, with a possible 30-day extension for complex cases.
11. Age Restrictions
The Service is intended for users aged 18 and over. If you are under 18, you may not register or use the Service.
12. Changes to the Policy
We may update this Policy. The current version is available on this page with the update date. In case of significant changes, we may send notifications to users.
Data protection contact: [email protected]